1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
/* |
6
|
|
|
* The MIT License (MIT) |
7
|
|
|
* |
8
|
|
|
* Copyright (c) 2014-2019 Spomky-Labs |
9
|
|
|
* |
10
|
|
|
* This software may be modified and distributed under the terms |
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
12
|
|
|
*/ |
13
|
|
|
|
14
|
|
|
namespace Jose\Component\Console; |
15
|
|
|
|
16
|
|
|
use InvalidArgumentException; |
17
|
|
|
use Jose\Component\Core\JWKSet; |
18
|
|
|
use Jose\Component\Core\Util\JsonConverter; |
19
|
|
|
use Jose\Component\KeyManagement\Analyzer\KeyAnalyzerManager; |
20
|
|
|
use Jose\Component\KeyManagement\Analyzer\KeysetAnalyzerManager; |
21
|
|
|
use Jose\Component\KeyManagement\Analyzer\MessageBag; |
22
|
|
|
use Symfony\Component\Console\Command\Command; |
23
|
|
|
use Symfony\Component\Console\Formatter\OutputFormatterStyle; |
24
|
|
|
use Symfony\Component\Console\Input\InputArgument; |
25
|
|
|
use Symfony\Component\Console\Input\InputInterface; |
26
|
|
|
use Symfony\Component\Console\Output\OutputInterface; |
27
|
|
|
|
28
|
|
|
final class KeysetAnalyzerCommand extends Command |
29
|
|
|
{ |
30
|
|
|
/** |
31
|
|
|
* @var KeysetAnalyzerManager |
32
|
|
|
*/ |
33
|
|
|
private $keysetAnalyzerManager; |
34
|
|
|
|
35
|
|
|
/** |
36
|
|
|
* @var KeyAnalyzerManager |
37
|
|
|
*/ |
38
|
|
|
private $keyAnalyzerManager; |
39
|
|
|
|
40
|
|
|
public function __construct(KeysetAnalyzerManager $keysetAnalyzerManager, KeyAnalyzerManager $keyAnalyzerManager, string $name = null) |
41
|
|
|
{ |
42
|
|
|
parent::__construct($name); |
43
|
|
|
$this->keysetAnalyzerManager = $keysetAnalyzerManager; |
44
|
|
|
$this->keyAnalyzerManager = $keyAnalyzerManager; |
45
|
|
|
} |
46
|
|
|
|
47
|
|
|
protected function configure(): void |
48
|
|
|
{ |
49
|
|
|
parent::configure(); |
50
|
|
|
$this |
51
|
|
|
->setName('keyset:analyze') |
52
|
|
|
->setDescription('JWKSet quality analyzer.') |
53
|
|
|
->setHelp('This command will analyze a JWKSet object and find security issues.') |
54
|
|
|
->addArgument('jwkset', InputArgument::REQUIRED, 'The JWKSet object') |
55
|
|
|
; |
56
|
|
|
} |
57
|
|
|
|
58
|
|
|
protected function execute(InputInterface $input, OutputInterface $output): ?int |
59
|
|
|
{ |
60
|
|
|
$output->getFormatter()->setStyle('success', new OutputFormatterStyle('white', 'green')); |
61
|
|
|
$output->getFormatter()->setStyle('high', new OutputFormatterStyle('white', 'red', ['bold'])); |
62
|
|
|
$output->getFormatter()->setStyle('medium', new OutputFormatterStyle('yellow')); |
63
|
|
|
$output->getFormatter()->setStyle('low', new OutputFormatterStyle('blue')); |
64
|
|
|
|
65
|
|
|
$jwkset = $this->getKeyset($input); |
66
|
|
|
|
67
|
|
|
$messages = $this->keysetAnalyzerManager->analyze($jwkset); |
68
|
|
|
$this->showMessages($messages, $output); |
69
|
|
|
foreach ($jwkset as $kid => $jwk) { |
70
|
|
|
$output->writeln(sprintf('Analysing key with index/kid "%s"', $kid)); |
71
|
|
|
$messages = $this->keyAnalyzerManager->analyze($jwk); |
72
|
|
|
$this->showMessages($messages, $output); |
73
|
|
|
} |
74
|
|
|
|
75
|
|
|
return 0; |
76
|
|
|
} |
77
|
|
|
|
78
|
|
|
private function showMessages(MessageBag $messages, OutputInterface $output): void |
79
|
|
|
{ |
80
|
|
|
if (0 === $messages->count()) { |
81
|
|
|
$output->writeln(' <success>All good! No issue found.</success>'); |
82
|
|
|
} else { |
83
|
|
|
foreach ($messages->all() as $message) { |
84
|
|
|
$output->writeln(' <'.$message->getSeverity().'>* '.$message->getMessage().'</'.$message->getSeverity().'>'); |
85
|
|
|
} |
86
|
|
|
} |
87
|
|
|
} |
88
|
|
|
|
89
|
|
|
/** |
90
|
|
|
* @throws InvalidArgumentException if the JWKSet is invalid |
91
|
|
|
*/ |
92
|
|
|
private function getKeyset(InputInterface $input): JWKSet |
93
|
|
|
{ |
94
|
|
|
$jwkset = $input->getArgument('jwkset'); |
95
|
|
|
if (!\is_string($jwkset)) { |
96
|
|
|
throw new InvalidArgumentException('Invalid JWKSet'); |
97
|
|
|
} |
98
|
|
|
$json = JsonConverter::decode($jwkset); |
99
|
|
|
if (!\is_array($json)) { |
100
|
|
|
throw new InvalidArgumentException('Invalid JWKSet'); |
101
|
|
|
} |
102
|
|
|
|
103
|
|
|
return JWKSet::createFromKeyData($json); |
104
|
|
|
} |
105
|
|
|
} |
106
|
|
|
|